Caesars Entertainment has reportedly shelled out “tens of millions of dollars” to hackers who wielded a potent threat to expose sensitive company data. Bloomberg has shed light on this cyber assault, revealing that it was orchestrated by a group known as Scattered Spider, also identified as UNC 3944. This collective possesses formidable social engineering skills, enabling it to circumvent corporate network security easily. The incident marks the second major attack on a Las Vegas casino group, following a previous hack that triggered a cyber outage at MGM Resorts.
Scattered Spider comprises members hailing from the United States and the United Kingdom, with some as young as 19 years old. Their campaign against Caesars commenced as early as August 27th, starting with an intrusion into an external vendor’s system before infiltrating Caesars’ network. The company is expected to disclose the attack in an imminent regulatory filing officially.
Reports indicate that Scattered Spider has been operational since May 2022, primarily focusing their attacks on telecom and business outsourcing organizations, as detailed by Trellix. The group adopts the guise of IT personnel, leveraging social engineering tactics to persuade company officials to enable remote monitoring and other tools. Once inside, they exploit vulnerabilities and employ tools like “Stonestop” to elude security software. Security Week classifies them as a “financially-motivated threat actor.”
Scattered Spider’s involvement in the MGM Resorts cyber outage has also been reported, although another ransomware group, ALPHV/BlackCat, has claimed responsibility. ALPHV asserts that they too, used social engineering techniques to gain entry, stating that a mere ten-minute conversation was all it took. MGM reportedly declined to meet the ransom demand, setting the stage for a high-stakes cybersecurity battle in the modern digital landscape.